Payment cards, such as debit and credit cards, enjoy widespread use among consumers. New devices, such as mobile phones with Near-Field Communication (NFC) functionality, are also joining payment cards as a means of payment. These payment methods generally rely upon a merchant having a point-of-sale (POS) terminal that is capable of handling the payment transaction, for example to verify that the payment card is present and valid.
Generally, POS terminals must be certified for compliance with accepted security standards before they will be accepted by payment card issuers. One common certification is for compliance with the Federal Information Processing Standards (FIPS) 140 series of computer security standards. The most recently issued version of the 140 series is the FIPS 140-2 standard.
FIPS 140-2 defines four levels of security, from “Level 1” to “Level 4”. Level 1 is the lowest level standard and imposes only limited requirements. Level 2 requires physical tamper evidence measures and role-based authentication. Level 3 adds the requirement for physical or logical separation for interfaces via which “critical security parameters” are input or output. Finally, Level 4 requires even more stringent physical security requirements, and protections against environmental attacks.
FIPS certification is a time consuming process that can take many months. Moreover, any modifications to a certified module require an update to the FIPS certification if it is to be maintained. However, when designing a hardware device that is to be FIPS certified, it can be difficult to accurately forecast all application requirements. Hardware design has long lead times, which can be compounded by the delay required to obtain FIPS certification. It would be preferable to offer a flexible environment in association with a FIPS-certified cryptographic module, without crossing over into a “modifiable environment” (e.g., general purpose operating systems) that requires extensive additional certification.